Manager of IT Audit & Compliance

Location: Office-first

The mission of the Manager, IT Audit & Compliance is to own and optimize Vendasta’s IT audit, compliance, privacy, and risk management functions. This role exists to ensure the organization maintains continuous audit readiness, meets global regulatory requirements, and provides customers with unwavering confidence in our security posture. Success requires a blend of deep technical expertise in frameworks like SOC 2 and ISO 27001, combined with the leadership to recruit and develop a high‑performing team while integrating AI‑driven automation to enhance compliance scalability.

About the Job

Reporting to the VP of IT & Security, the Manager of IT Audit & Compliance leads the R&D - IT & Security department in overseeing the enterprise IT risk register, identifying and assessing risks while balancing mitigation with business innovation. You will serve as the primary point of contact for external auditors and regulators, managing the internal IT audit program, the IT policy lifecycle, and global regulatory compliance (GDPR, PIPEDA, HIPAA). This managerial role involves recruiting and developing a team of compliance, privacy, and risk analysts while leading team-level AI adoption and workflows.

Your Impact

Audit Outcomes: Achieve clean audit opinions (SOC 2, ISO 27001) with minimal or no exceptions.
AI Efficiency Gains: Achieve a 15–20% reduction in manual reporting and evidence collection tasks through the adoption of AI-augmented workflows.
Risk Remediation Velocity: Ensure 100% of high-priority risks are documented in the register with active treatment plans meeting agreed-upon timelines.
SLA Achievement: Ensure 100% of customer security assessments and data subject requests are completed within regulatory or business timelines.
Team Leadership: Build future leaders within the function, coaching team members on prompt optimization and setting goals for AI usage.
Organizational Maturity: Enable the Sales team by ensuring customer security assessments are completed promptly and maintaining 95%+ organization-wide completion of required compliance training.

What You Bring to the Table

7–10+ years of experience in IT audit, compliance, or risk management, ideally within a SaaS or technology environment.
Deep regulatory knowledge and expert-level understanding of SOC 2, ISO 27001, GDPR, and HIPAA.
Proven experience recruiting and mentoring high-performing teams with the ability to manage complex cross-functional stakeholders.
Proficiency with GRC platforms (e.g., Vanta, Drata, OneTrust) and experience leveraging AI for trend analysis and insights.
AI proficiency, including the ability to assess and integrate AI solutions into compliance responsibilities and prompt engineering for GRC automation.
Ability to communicate clearly and effectively in written and verbal formats.
Bachelor’s degree in Information Systems, Computer Science, or Business preferred.
Professional certifications such as CISA, CRISC, CISSP, or CIPP are highly preferred.
Demonstrated use of AI tools in professional settings or AI literacy certification is considered a strong asset.

Perks

Competitive health benefits, flex time, and annual work-from-anywhere options.
Equity opportunities and a chance to directly shape our AI future.
A vibrant workplace culture that embraces experimentation, thought leadership, and continuous learning.
A place where building AI isn’t just a buzzword, it’s the core of everything we do.
Manager of IT Audit & Compliance
VENDASTA TECHNOLOGIES, INC.
Saskatoon, Saskatoon
Published 25 days ago